- Get link
- X
- Other Apps
If
you are facing an issue in which your rails application is using gem
'devise' and taking too much time while user tries to login then one
of the biggest reason can be 'stretches'
and 'bcrypt'. By default, devise uses bcrypt for encryption of your passwords. So, if you are facing this issue then it
means you haven't specified :encryption option in your model and
devise is using default encryption technique i.e. 'bcrypt'.
Remove
the following from your devise.rb:
By specifying 'stretches', you are specifying complexity of encryption. Higher value of 'stretches' means higher security and higher difficulty for unauthorized decryption. Normally, I prefer 12 as a value for :stretches but if you really want to increase this complexity, it can cause very serious issue
with bcrypt encryption. Bcrypt encryption will take too much time or it may take that much time in
which your server will give you error of timeout.
To
fix this issue is to reduce :stretches or to use another encryption technique. You can use some other encryption such as 'sha1',
'sha512' etc. But I suggest you to read Hash algorithm Vs bcrypt before going forward to change encryption technique. Now if you still want to change your encryption technique, you just need to add :encrytable option in your model
with :stretches more than 20 and to specify encryptor in devise
initialisation file. Here I am using 'sha512' as encryptor.
My
model:
...
...
devise :database_authenticatable, :registerable,
    :recoverable,:rememberable, :trackable, :validatable,
    :confirmable, :encryptable, :stretches => 30
...
...
...
devise :database_authenticatable, :registerable,
    :recoverable,:rememberable, :trackable, :validatable,
    :confirmable, :encryptable, :stretches => 30
...
...
My
devise initializer (devise.rb):
...
...
config.encryptor = :sha512
...
...
...
config.encryptor = :sha512
...
...
If
you face an errror: 'uninitialized constant
Devise::Models::Encryptable (NameError)', try to install gem
'devise-encryptable'
# In your gem file
gem 'devise-encryptable'
# On console
$ bundle install
gem 'devise-encryptable'
# On console
$ bundle install
# Automatically apply schema changes in tableless databases
config.apply_schema = false
# If true, uses the password salt as remember token. This should be turned
# to false if you are not using database authenticatable.
config.use_salt_as_remember_token = true
config.apply_schema = false
# If true, uses the password salt as remember token. This should be turned
# to false if you are not using database authenticatable.
config.use_salt_as_remember_token = true
Further
if you got error about password_salt: undefined
method `password_salt'
for #<User:0x37a1678>
Just
add a new column in your users table with name 'password_salt' to store salt.
Thats
it!
Comments
Post a Comment